scripts/Makefile.kasan | 43 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 22 deletions(-)
From: Andrey Konovalov <andreyknvl@gmail.com>
When KASAN support was being added to the Linux kernel, GCC did not yet
support all of the KASAN-related compiler options. Thus, the KASAN
Makefile had to probe the compiler for supported options.
Nowadays, the Linux kernel GCC version requirement is 5.1+, and thus we
don't need the probing of the -fasan-shadow-offset parameter: it exists in
all 5.1+ GCCs.
Simplify the KASAN Makefile to drop CFLAGS_KASAN_MINIMAL.
Also add a few more comments and unify the indentation.
Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com>
---
scripts/Makefile.kasan | 43 +++++++++++++++++++++---------------------
1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/scripts/Makefile.kasan b/scripts/Makefile.kasan
index 390658a2d5b74..04b108f311d24 100644
--- a/scripts/Makefile.kasan
+++ b/scripts/Makefile.kasan
@@ -22,30 +22,29 @@ endif
ifdef CONFIG_KASAN_GENERIC
ifdef CONFIG_KASAN_INLINE
+ # When the number of memory accesses in a function is less than this
+ # call threshold number, the compiler will use inline instrumentation.
+ # 10000 is chosen offhand as a sufficiently large number to make all
+ # kernel functions to be instrumented inline.
call_threshold := 10000
else
call_threshold := 0
endif
-CFLAGS_KASAN_MINIMAL := -fsanitize=kernel-address
-
-# -fasan-shadow-offset fails without -fsanitize
-CFLAGS_KASAN_SHADOW := $(call cc-option, -fsanitize=kernel-address \
- -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
- $(call cc-option, -fsanitize=kernel-address \
- -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
-
-ifeq ($(strip $(CFLAGS_KASAN_SHADOW)),)
- CFLAGS_KASAN := $(CFLAGS_KASAN_MINIMAL)
-else
- # Now add all the compiler specific options that are valid standalone
- CFLAGS_KASAN := $(CFLAGS_KASAN_SHADOW) \
- $(call cc-param,asan-globals=1) \
- $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
- $(call cc-param,asan-instrument-allocas=1)
-endif
-
-CFLAGS_KASAN += $(call cc-param,asan-stack=$(stack_enable))
+# First, enable -fsanitize=kernel-address together with providing the shadow
+# mapping offset, as for GCC, -fasan-shadow-offset fails without -fsanitize
+# (GCC accepts the shadow mapping offset via -fasan-shadow-offset instead of
+# a normal --param). Instead of ifdef-checking the compiler, rely on cc-option.
+CFLAGS_KASAN := $(call cc-option, -fsanitize=kernel-address \
+ -fasan-shadow-offset=$(KASAN_SHADOW_OFFSET), \
+ $(call cc-option, -fsanitize=kernel-address \
+ -mllvm -asan-mapping-offset=$(KASAN_SHADOW_OFFSET)))
+
+# Now, add other parameters enabled in a similar way with GCC and Clang.
+CFLAGS_KASAN += $(call cc-param,asan-instrumentation-with-call-threshold=$(call_threshold)) \
+ $(call cc-param,asan-stack=$(stack_enable)) \
+ $(call cc-param,asan-instrument-allocas=1) \
+ $(call cc-param,asan-globals=1)
# Instrument memcpy/memset/memmove calls by using instrumented __asan_mem*()
# instead. With compilers that don't support this option, compiler-inserted
@@ -57,9 +56,9 @@ endif # CONFIG_KASAN_GENERIC
ifdef CONFIG_KASAN_SW_TAGS
ifdef CONFIG_KASAN_INLINE
- instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET))
+ instrumentation_flags := $(call cc-param,hwasan-mapping-offset=$(KASAN_SHADOW_OFFSET))
else
- instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1)
+ instrumentation_flags := $(call cc-param,hwasan-instrument-with-calls=1)
endif
CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
@@ -70,7 +69,7 @@ CFLAGS_KASAN := -fsanitize=kernel-hwaddress \
# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
-CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1)
+ CFLAGS_KASAN += $(call cc-param,hwasan-kernel-mem-intrinsic-prefix=1)
endif
endif # CONFIG_KASAN_SW_TAGS
--
2.25.1On Wed, Aug 14, 2024 at 12:40 AM <andrey.konovalov@linux.dev> wrote: > > Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com> It is easier to read now, and indeed GCC 5.1+ and LLVM 13+ both support the flags, so `CFLAGS_KASAN_SHADOW` can't be empty. > +# First, enable -fsanitize=kernel-address together with providing the shadow > +# mapping offset, as for GCC, -fasan-shadow-offset fails without -fsanitize > +# (GCC accepts the shadow mapping offset via -fasan-shadow-offset instead of > +# a normal --param). Instead of ifdef-checking the compiler, rely on cc-option. I guess "a normal --param" means here that it is the usual way to tweak the rest of the KASAN parameters, right? > +# Now, add other parameters enabled in a similar way with GCC and Clang. I think the "with" sounds strange, but I am not a native speaker. Perhaps "in a similar way with" -> "similarly in both"? Thanks! Cheers, Miguel
On Wed, Aug 14, 2024 at 5:37 PM Miguel Ojeda <miguel.ojeda.sandonis@gmail.com> wrote: > > On Wed, Aug 14, 2024 at 12:40 AM <andrey.konovalov@linux.dev> wrote: > > > > Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com> > > It is easier to read now, and indeed GCC 5.1+ and LLVM 13+ both > support the flags, so `CFLAGS_KASAN_SHADOW` can't be empty. > > > +# First, enable -fsanitize=kernel-address together with providing the shadow > > +# mapping offset, as for GCC, -fasan-shadow-offset fails without -fsanitize > > +# (GCC accepts the shadow mapping offset via -fasan-shadow-offset instead of > > +# a normal --param). Instead of ifdef-checking the compiler, rely on cc-option. > > I guess "a normal --param" means here that it is the usual way to > tweak the rest of the KASAN parameters, right? Yes, clarified in v2. > > +# Now, add other parameters enabled in a similar way with GCC and Clang. > > I think the "with" sounds strange, but I am not a native speaker. > Perhaps "in a similar way with" -> "similarly in both"? Sure, done in v2. Thank you!
© 2016 - 2026 Red Hat, Inc.